
Re: [FW1] Tcp Reset from the firewall



The FTP known port problem has already been corrected for.
In additional testing that has been done, the problem only occurs when
the files are being pulled from the FTP server and not when files are
being pushed.

Is there a way to increase the amount of time that the firewall waits
for the ACK to the syn ack before it terminates the connection?

Naps

Robert MacDonald wrote:
> 
> Most likely your system is running into a port that is
> already in use/allocated. With that many files, the
> port setup for the data channel will invariably run
> into an 'existing' port.
> 
> See the following for assistance.
> 
> http://www.phoneboy.com/fw1/faq/0106.html
> 
> Robert
> 
> - -
> Robert P. MacDonald, Network Engineer
> Team Lead, e-Business Infrastructure
> G o r d o n   F o o d    S e r v i c e
> Voice:email: [email protected]
> 
> >>> naps <[email protected]> 12/1/00 1:49:04 PM >>>
> >
> >I'm running fw 4.0 sp 5 on NT 4.0 sp 5
> >
> >I'm having a problem where when two devices are setting up a connection
> >I'll see device 1 send a syn seq, device two will syn ack, but device
> >one fails to ack back (the packet isn't being sent or is being lost).
> >Device one then resends its syn seq and device one will resend the syn
> >ack. But before device one can ack, the firewall sends a reset to device
> >two.  The reset causes device two to close the connection.
> >
> >I'm seeing this problem as a result of sniffing out a failed ftp
> >connection.  The client is trying to pull 1800 small files from an ftp
> >server and when the reset happens the control connection is properly
> >closed even though all of the files have not been retrieved.
> >
> >As I continue to look at this problem I'm relating it to possible
> >failures that happen once in a while on other services across different
> >firewalls in our environment.
> >
> >Any help or insight would be nice.
> >
> >Naps
> >Kung-Fu is very ineffective against machine gun fire.
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

